Search for packages
| purl | pkg:gem/activerecord@3.3 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-n5fx-u6fs-vydu
Aliases: CVE-2014-0080 GHSA-hqf9-rc9j-5fmj OSV-103438 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails beta1, when PostgreSQL is used, allows remote attackers to execute "add data" SQL commands via vectors involving \ (backslash) characters that are not properly handled in operations on array columns. |
Affected by 16 other vulnerabilities. Affected by 16 other vulnerabilities. Affected by 15 other vulnerabilities. |
|
VCID-sb9g-rdnm-rqbm
Aliases: CVE-2014-3482 GHSA-mhwp-qhpc-h3jm OSV-108664 |
SQL Injection in Active Record SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting. |
Affected by 17 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T15:18:32.893215+00:00 | Ruby Importer | Affected by | VCID-sb9g-rdnm-rqbm | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-3482.yml | 38.0.0 |
| 2026-04-01T15:18:32.576667+00:00 | Ruby Importer | Affected by | VCID-n5fx-u6fs-vydu | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activerecord/CVE-2014-0080.yml | 38.0.0 |